fix(ec2_instance_secrets_user_data): Include line numbers in status (#2639)

2026-02-10 23:05:05 +00:00 · 2023-07-31 10:33:34 +02:00
parent e08424d3a3
commit 386f558eae
2 changed files with 26 additions and 4 deletions
--- a/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
+++ b/tests/providers/aws/services/ec2/ec2_instance_secrets_user_data/ec2_instance_secrets_user_data_test.py
@@ -101,6 +101,12 @@ class Test_ec2_instance_secrets_user_data:
                == f"No secrets found in EC2 instance {instance.id} User Data."
            )
            assert result[0].resource_id == instance.id
+            assert (
+                result[0].resource_arn
+                == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
+            )
+            assert result[0].resource_tags is None
+            assert result[0].region == AWS_REGION

    @mock_ec2
    def test_one_ec2_with_secrets(self):
@@ -134,13 +140,15 @@ class Test_ec2_instance_secrets_user_data:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Potential secret found in EC2 instance {instance.id} User Data."
+                == f"Potential secret found in EC2 instance {instance.id} User Data -> Secret Keyword on line 1."
            )
            assert result[0].resource_id == instance.id
            assert (
                result[0].resource_arn
                == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
            )
+            assert result[0].resource_tags is None
+            assert result[0].region == AWS_REGION

    @mock_ec2
    def test_one_ec2_file_with_secrets(self):
@@ -177,13 +185,15 @@ class Test_ec2_instance_secrets_user_data:
            assert result[0].status == "FAIL"
            assert (
                result[0].status_extended
-                == f"Potential secret found in EC2 instance {instance.id} User Data."
+                == f"Potential secret found in EC2 instance {instance.id} User Data -> Secret Keyword on line 1, Hex High Entropy String on line 3, Secret Keyword on line 3, Secret Keyword on line 4."
            )
            assert result[0].resource_id == instance.id
            assert (
                result[0].resource_arn
                == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
            )
+            assert result[0].resource_tags is None
+            assert result[0].region == AWS_REGION

    @mock_ec2
    def test_one_launch_configurations_without_user_data(self):
@@ -221,3 +231,5 @@ class Test_ec2_instance_secrets_user_data:
                result[0].resource_arn
                == f"arn:{current_audit_info.audited_partition}:ec2:{AWS_REGION}:{current_audit_info.audited_account}:instance/{instance.id}"
            )
+            assert result[0].resource_tags is None
+            assert result[0].region == AWS_REGION